The success of a web application penetration testing project is directly proportional to the quality of its execution cycle. Executing a penetration testing project is very different from executing a functional testing project given the fundamentally different goals and challenges of penetration testing and vulnerability analysis. It is therefore surprising that very little published work deals with the unique challenges of the practical aspects of penetration testing projects.